Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/2oBT6FL8-Hj_-tkLLC554McMAYc.roa
File: 2oBT6FL8-Hj_-tkLLC554McMAYc.roa (raw, json)
Hash identifier: u3QagHzcJhLVpCqEU7lMq4n/gCIeZat+3kBiU8PP2O0=
Subject key identifier: DA:80:53:E8:52:FC:F8:78:FF:FA:D9:0B:2C:2E:79:E0:C7:0C:01:87
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5FBE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/2oBT6FL8-Hj_-tkLLC554McMAYc.roa
Signing time: Tue 13 May 2025 09:40:18 +0000
ROA not before: Tue 13 May 2025 09:40:18 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24510 (0x5fbe)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 13 09:40:18 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=DA8053E852FCF878FFFAD90B2C2E79E0C70C0187
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:b3:8f:43:45:72:a1:dd:3c:97:13:1c:86:b9:
11:82:f0:0e:29:68:32:0b:89:2e:cc:18:aa:33:d0:
5c:da:84:05:3a:ea:29:a4:ea:6d:49:14:31:2b:bc:
18:71:34:ca:0e:d5:da:3d:05:25:38:5b:b1:e8:64:
c5:f0:13:7f:36:da:d1:e3:8d:46:30:99:37:33:76:
b9:bf:d4:65:4b:42:55:d4:54:3f:f9:7b:cf:c7:35:
61:80:b3:fd:47:0e:2f:e1:73:70:b6:ac:7d:03:16:
8c:36:64:f8:06:1c:52:01:67:fb:cb:28:fe:05:51:
03:f0:94:d4:df:c7:cd:f5:2f:11:1e:31:ca:15:0d:
31:c4:4c:cd:3a:9b:2a:8f:79:da:bc:6a:d4:1e:d5:
78:ba:a5:54:59:30:7d:a8:12:37:40:72:08:34:8f:
98:46:18:62:d6:a9:95:c9:96:c9:68:70:5a:e7:76:
0b:f4:a1:ff:28:88:51:95:56:d6:53:2b:30:45:f3:
79:99:a4:46:47:0c:e3:43:e3:91:cf:66:6e:4b:00:
91:91:5d:20:11:00:ed:da:72:9d:54:da:9e:3a:08:
13:67:7f:d6:9b:c8:2d:e4:a1:5c:85:2f:8e:fb:b8:
69:28:61:98:63:7c:c3:43:cc:8d:d4:44:ad:d7:ea:
45:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:80:53:E8:52:FC:F8:78:FF:FA:D9:0B:2C:2E:79:E0:C7:0C:01:87
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/2oBT6FL8-Hj_-tkLLC554McMAYc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
2c:53:c1:8f:43:59:24:ed:73:11:b3:52:00:f4:89:99:6e:0a:
b5:ad:06:65:f1:d4:8a:57:39:05:57:b4:1c:35:a4:7b:4a:75:
bb:8f:01:81:00:1e:30:39:59:b7:d6:9f:94:3b:39:f4:35:aa:
8a:8c:61:88:db:89:57:f2:91:04:9f:8d:4d:a6:70:98:9e:7f:
ca:52:38:48:aa:56:41:32:0d:81:ae:1a:be:ff:bf:50:3a:c2:
fe:65:3e:f8:84:01:b1:06:5c:23:03:ba:8c:fe:e4:ac:ee:57:
e9:b1:58:1c:08:90:57:5a:56:16:dd:06:6e:f3:2b:d1:71:6f:
be:de:51:e4:84:75:75:aa:b2:fb:08:b3:8f:c0:c6:7b:2f:2e:
f1:2f:0f:d0:f0:54:fb:37:b3:e5:67:93:59:4b:81:b3:c9:8c:
86:eb:1e:48:19:54:0a:c4:f2:ef:80:d9:61:31:0d:d6:25:65:
bd:0d:23:69:fa:32:2d:9f:c6:0a:58:f3:e5:2d:d2:03:d5:f7:
2a:19:ce:b6:b8:4d:e7:e6:33:d8:28:79:7c:bc:55:10:2d:ca:
99:ca:9c:26:e5:ff:da:c3:14:12:a9:69:25:0c:83:10:c7:07:
8b:d5:22:4b:74:6a:90:c5:13:63:7a:e4:f6:50:18:79:f4:8d:
11:e7:39:51
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICX74wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTMw
OTQwMThaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKERBODA1M0U4NTJGQ0Y4
NzhGRkZBRDkwQjJDMkU3OUUwQzcwQzAxODcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDJs49DRXKh3TyXExyGuRGC8A4paDILiS7MGKoz0FzahAU66imk
6m1JFDErvBhxNMoO1do9BSU4W7HoZMXwE3822tHjjUYwmTczdrm/1GVLQlXUVD/5
e8/HNWGAs/1HDi/hc3C2rH0DFow2ZPgGHFIBZ/vLKP4FUQPwlNTfx831LxEeMcoV
DTHETM06myqPedq8atQe1Xi6pVRZMH2oEjdAcgg0j5hGGGLWqZXJlslocFrndgv0
of8oiFGVVtZTKzBF83mZpEZHDOND45HPZm5LAJGRXSARAO3acp1U2p46CBNnf9ab
yC3koVyFL477uGkoYZhjfMNDzI3URK3X6kUTAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU2oBT6FL8+Hj/+tkLLC554McMAYcwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzJvQlQ2Rkw4LUhqXy10
a0xMQzU1NE1jTUFZYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAsU8GP
Q1kk7XMRs1IA9ImZbgq1rQZl8dSKVzkFV7QcNaR7SnW7jwGBAB4wOVm31p+UOzn0
NaqKjGGI24lX8pEEn41NpnCYnn/KUjhIqlZBMg2Brhq+/79QOsL+ZT74hAGxBlwj
A7qM/uSs7lfpsVgcCJBXWlYW3QZu8yvRcW++3lHkhHV1qrL7CLOPwMZ7Ly7xLw/Q
8FT7N7PlZ5NZS4GzyYyG6x5IGVQKxPLvgNlhMQ3WJWW9DSNp+jItn8YKWPPlLdID
1fcqGc62uE3n5jPYKHl8vFUQLcqZypwm5f/awxQSqWklDIMQxweL1SJLdGqQxRNj
euT2UBh59I0R5zlR
-----END CERTIFICATE-----
Generated at Sat May 17 23:51:52 2025 by rpki-client